Changed wc_clean sanitization to a check for valid UTF-8; the input is later sanitized by the WordPress DB layer.

wc_clean caused issues in 2 places: the order item name (product name) and the user's password.
Peter Fabian 2018-08-06 20:49:27 +02:00
parent 97fcc50c30
commit 925002bc37
5 changed files with 7 additions and 4 deletions


@ -208,7 +208,7 @@ function wc_save_order_items( $order_id, $items ) {
$item_data = array();
foreach ( $data_keys as $key => $default ) {
$item_data[ $key ] = isset( $items[ $key ][ $item_id ] ) ? wc_clean( wp_unslash( $items[ $key ][ $item_id ] ) ) : $default;
$item_data[ $key ] = isset( $items[ $key ][ $item_id ] ) ? wp_check_invalid_utf8( wp_unslash( $items[ $key ][ $item_id ] ) ) : $default;
}
if ( '0' === $item_data['order_item_qty'] ) {
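Review bot: The replaced `$item_data[ $key ]` assignment sits inside the `foreach ( $data_keys ... )` loop, so it drops `wc_clean()` for every posted order-item field, not only the item name the commit message mentions (the next statement reads `order_item_qty` from the same array). `wc_clean()` also recurses into arrays, whereas `wp_check_invalid_utf8()` casts its argument to a string, so any key whose posted value is an array would no longer be handled element by element; `$data_keys` is defined outside the hunk, so this needs checking against its defaults. I would keep `wc_clean()` as the default and relax only the name key, e.g. `$raw = wp_unslash( $items[ $key ][ $item_id ] );` followed by `$item_data[ $key ] = 'order_item_name' === $key ? wp_check_invalid_utf8( $raw ) : wc_clean( $raw );` (assuming the name key is `order_item_name`, by analogy with `order_item_qty`).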


@ -419,7 +419,7 @@ class WC_REST_Customers_V1_Controller extends WC_REST_Controller {
// Customer password.
if ( isset( $request['password'] ) ) {
$customer->set_password( wc_clean( $request['password'] ) );
$customer->set_password( wp_check_invalid_utf8( $request['password'] ) );
}
$this->update_customer_meta_fields( $customer, $request );
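Review bot: `wp_check_invalid_utf8()` returns an empty string when its input is not valid UTF-8, so the `set_password()` call here can pass an empty password on instead of rejecting the request; the same applies to the `'password'` case added in WC_Checkout and to `WC_Customer::set_password()` itself. Compare the checked value with `$request['password']` and return a `WP_Error` when they differ, rather than storing whatever comes back. The call is also redundant, because `set_password()` applies `wp_check_invalid_utf8()` itself after this commit, so `$customer->set_password( $request['password'] );` is enough. The enclosing method starts and ends outside the hunk.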


@ -615,6 +615,9 @@ class WC_Checkout {
case 'textarea':
$value = isset( $_POST[ $key ] ) ? wc_sanitize_textarea( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
case 'password':
$value = isset( $_POST[ $key ] ) ? wp_check_invalid_utf8( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
default:
$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : ''; // WPCS: input var ok, CSRF ok.
break;
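Review bot: The new `case 'password':` branch carries no comment saying why passwords bypass `wc_clean()`, so a later clean-up is likely to fold it back into the `default` branch. Add a line above the assignment such as `// Passwords must be kept exactly as typed; wc_clean() would strip tags and collapse whitespace.` The enclosing `switch` starts and ends outside the hunk.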


@ -294,7 +294,7 @@ class WC_Customer extends WC_Legacy_Customer {
* @param string $password Password.
*/
public function set_password( $password ) {
$this->password = wc_clean( $password );
$this->password = wp_check_invalid_utf8( $password );
}
/**


@ -186,7 +186,7 @@ class WC_Order_Item extends WC_Data implements ArrayAccess {
* @param string $value Item name.
*/
public function set_name( $value ) {
$this->set_prop( 'name', wc_clean( $value ) );
$this->set_prop( 'name', wp_check_invalid_utf8( $value ) );
}
/*
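Review bot: `set_name()` no longer strips markup, so an item name containing HTML is now stored as-is; the database layer the commit message relies on handles SQL escaping, not HTML. That leaves output escaping as the only control, so every place that prints the name (none of them visible here) should use `esc_html( $item->get_name() )` or `wp_kses_post()` as the context requires. If `wc_clean()` was only mangling specific characters in product names, a narrower filter would be safer than none. The docblock should state the new contract, e.g. `@param string $value Item name (UTF-8 checked only; escape on output).`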